Boot verification in Android

Transcript

1. Prashant Pol Boot veri f ication in Android To ensure

   integrity of os and partitions 1

2. Introduction Android Engineer at LINE Multi device experience team @prashantspol

   2

3. Agenda - Boot veri f ication signi f icance -

   Concepts - Veri f ication sequence - Veri f ication in A/B device updates - Rollback protection - Veri f ied boot 2.0 3

4. Why boot veri f ication signi f icant 4

5. Boot Android OS Anti-virus Anti-malware Google Play Protect periodic scans

   Phone Security 5

6. 6 Boot Veri f ication signi f icance - Security

   - Unveri f ied f irmware update - Data breach - Lack of trust Boot Veri fi cation is important What if boot veri f ication was not implemented

7. What is Boot? 7

8. Boot process overview Some of piece of software Android launcher

   UI 8

9. boot ROM bootloader linux kernel init process zygote process system

   server android launcher UI Boot process overview 9

10. In simple terms, Ensures that all code executed during boot

    up was from a trusted source and nothing was compromised. Android BootVeri f ication 10

11. History 4.4 7.0 8.0 Boot Veri f ication was introduced

    Warn user Prevent boot Standardise boot veri f ication Android OS 11 almost a decade ago

12. Root of trust Bootloader boot partition other partitions BootVeri f

    ication 12

13. Root of trust Android perspective, - A cryptographic key used

    to sign hashes - Private key / Public key - Same key is used for future version releases - Foundation for secure operations - Designed in a way that it must be inherently trusted. 13

14. Custom root of trust: - Tamper evident storage - Boot

    warning - User’s physical con f irmation required Hardware backed root of trust is considered to be most secure. - in processor chip / system on chip (SoC) Root of trust (cont…) Why ?? 14

15. - Approved by manufacturer - Signed with manufacturer’s root of

    trust - Boot veri f ication applied Original OS What if want to install custom os ? - Custom OS => Custom Root of Trust - Relax boot veri f ication - How boot loader know about it ? 15

16. Device State LOCKED UNLOCKED - Prevents flashing custom os version

    - Checks and warns during boot - Can flash custom os version - Boot checks are relaxed Device state 16

17. - Physical interaction required - User’s data partition is wiped

    out - RAM will be reset - User can flash custom os image - Settings > System > Developer Options > OEM unlocking (ON) - fastboot flashing unlock LOCKED UNLOCKED State changes 17

18. - fastboot flashing lock -Settings > System > Developer Options

    > OEM unlocking (OFF) - Cannot flash any custom os image - Device reset - Reselling LOCKED UNLOCKED State changes (cont…) 18

19. Root of trust Bootloader Boot partition Other Partitions BootVeri f

    ication 19

20. Partitions boot system Kernel image recovery Android framework Stores recovery

    image during OTA userdata User installed apps and data vendor Vendor speci f ic binary not distributable with AOSP 20

21. Partition veri f ication boot Not only boot up code

    or kernel. But need to verify partitions as well. dtbo system vendor • Small partitions • Can be loaded into RAM to calculate hash • Big partitions • Can not be loaded into RAM entirely to calculate hash Each partition’s hash is calculated and saved at the start or end of the partition. )PX
    UP
    IBTI
    #*(
    QBSUJUJPOT
    21

22. Big partitions are read from disk using tree hashing. Tree

    hashing partition data in bytes Random salt Partition Hash 22

23. Tree hashing (cont…) partition data in bytes 4K 4K 4K

    4K 4K 4K 4K 4K 4K 4K 4K 4K appended hashes 4K 4K 4K 4K 4K 4K 4K 4K 4K Layer 1 Layer 2 Layer 3 appended hashes 4K 4K 4K 4K 4K 4K Layer 4 4K Root Hash 23

24. Agenda - Boot veri - Concepts - Veri f ication

    sequence - Veri - Rollback Protection - Veri f 24

25. Veri f ication sequence Root of trust Start booting Calculate

    hash of next code to execute Compare with pre-calculated hash Is hash comparison success Veri f ication Error Fail Success 25

26. Handling Veri f ication Error Boot Start Run time Set

    error f lag Restart User handling required Success 26

27. Device State LOCKED ? Valid OS ? Valid OS ?

    Cannot Boot Warn user eio mode? Show eio screen BOOT OS N Y N Y Boot f low (simpli f ied) N Y Y N Y N 27

28. Agenda - Boot veri - Concepts - Veri f -

    Veri f ication in A/B device updates - Rollback Protection - Veri f 28

29. Slot A Slot B A/B device updates Over-the-air (OTA) update.

    - update_engine daemon - Streamed installation Slot A Slot B In Use Idle New version update 29

30. SLOT A SLOT B OTA update Active isBootable = true

    Boot from slot A Boot from slot B isActive = true Passive Active isSuccessful = true Success Success Failure Failure Passive A/B device update (cont…) 30

31. Agenda - Boot veri - Concepts - Veri - Veri

    f - Rollback Protection - Veri f 31

32. Rollback Protection Android Phone OS Other OS version ? v10

    v8 Installed version (rollback index) is important. 32 >

33. Agenda - Boot veri - Concepts - Veri - Veri

    f - Veri f ied boot 2.0 - Rollback Protection 33

34. vbmeta hash of boot Hash tree metadata of system Hash

    tree metadata of vendor (Signed by key) Veri f ied boot 2.0 - Android veri f ied boot - Android 8.0 - Standardised partition footer vbmeta struct: - Central data structure - Rollback indexes - Chained partition support 34

35. VBMeta digest Digest = hash over all vbmeta structs (including

    chained partitions). Digest is used to verify authenticity Digest & keys from hardware backed attestation used to cross verify. 35

36. Provides boot state with enum Veri f iedBootState. HW Attestation

    - Veri f ied - SelfSigned - Unveri f ied - Failed 36

37. Conclusion • Boot veri f ication is important to trust

    device. • If boot was compromised then any additional security application or any piece of software cannot be trusted. • Cryptographic hashing & signing is used to ensure authenticity of executed code. • After boot up, hardware backed key attestation data could be used in user space to decide authenticity of boot up. 37

38. References -https://source.android.com/docs/security/features/veri f iedboot -https://source.android.com/docs/security/features/veri f iedboot/device-state -https://source.android.com/docs/security/features/veri f iedboot/veri

    f ied-boot -https://source.android.com/docs/security/features/veri f iedboot/boot-flow -https://android.googlesource.com/platform/external/avb/+/master/README.md -https://source.android.com/docs/security/features/veri f iedboot/dm-verity -https://android.googlesource.com/platform/hardware/interfaces/+/master/boot/1.0/IBootControl.hal -https://developer.android.com/training/articles/security-key-attestation -https://source.android.com/docs/core/architecture/partitions -https://source.android.com/docs/core/ota/ab -https://android.googlesource.com/platform/external/avb/+/master/README.md#the-vbmeta-digest and many more… 38

39. Thank you 39